CN106295413B - Semiconductor device with a plurality of semiconductor chips - Google Patents

Semiconductor device with a plurality of semiconductor chips Download PDF

Info

Publication number
CN106295413B
CN106295413B CN201610471517.8A CN201610471517A CN106295413B CN 106295413 B CN106295413 B CN 106295413B CN 201610471517 A CN201610471517 A CN 201610471517A CN 106295413 B CN106295413 B CN 106295413B
Authority
CN
China
Prior art keywords
memory
secure
processor
region
semiconductor device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610471517.8A
Other languages
Chinese (zh)
Other versions
CN106295413A (en
Inventor
赵庆浩
全宇衡
朴东珍
赵成旻
梁振诚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020150118708A external-priority patent/KR102432473B1/en
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Publication of CN106295413A publication Critical patent/CN106295413A/en
Application granted granted Critical
Publication of CN106295413B publication Critical patent/CN106295413B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1441Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • G06F3/0622Securing storage systems in relation to access
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0655Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0668Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671In-line storage system
    • G06F3/0673Single storage device
    • G06F3/0679Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

A semiconductor device is provided. A semiconductor device includes: a processor to perform operations using data stored in the memory; and a memory protector dividing the memory into a first window region and a second window region. The first window region includes a first metapage of a first size. The second window region includes a second metapage of a second size, wherein the second size is smaller than the first size. The memory protector is configured to: the first and second tile metapages are prevented from being accessed by the processor.

Description

Semiconductor device with a plurality of semiconductor chips
This application claims priority to korean patent application No. 10-2015-0092246, which was filed on 29.6.2015, and korean patent application No. 10-2015-0118708, which was filed on 24.8.2015, to the korean intellectual property office, the disclosures of each of which are incorporated herein by reference in their entirety.
Technical Field
The present inventive concept relates to a semiconductor device.
Background
To provide a secure execution environment for a mobile application, the mobile application may be configured to: one CPU (central processing unit) is provided with a secure area (or secure domain) and a normal area (or normal domain) without using an additional secure hardware chip. Here, a general application may be operated in a normal domain, and an application requiring security may be safely operated in a security domain.
Disclosure of Invention
At least some aspects of the inventive concept provide a semiconductor device that can efficiently acquire a security buffer for security data.
However, aspects of the inventive concept are not limited to the aspects set forth herein. The above and other aspects of the inventive concept will become more apparent to those of ordinary skill in the art to which the inventive concept pertains by referencing the detailed description of the inventive concept given below.
According to at least some example embodiments of the inventive concepts, there is provided a semiconductor device including: a processor configured to perform operations using data stored in the memory; a memory protector configured to divide the memory into a first window region and a second window region, the first window region comprising a first metapage of a first size, the second window region comprising a second metapage of a second size, the second size being smaller than the first size, and to prevent the first metapage and the second metapage from being accessed by the processor if the request from the processor is not at least one of a secure read and a secure write.
The memory protector of the example embodiment is configured to: the first page table includes memory address information corresponding to at least one of the first window region and the second window region.
The processor of the example embodiment is configured to: the secure area is accessed by a secure address and the insecure area is accessed by an insecure address, and the semiconductor apparatus further comprises: a content firewall controller configured to prevent the processor from (i) writing secure content data in the non-secure area or (ii) reading system data stored in the non-secure area. The content firewall controller is further configured to: physical addresses for accessing the memory are received from a memory management controller, which is coupled to the processor.
According to another example embodiment of the inventive concepts, there is provided a semiconductor apparatus including: a memory including a first window region, a second window region, and a security buffer region, the memory configured to reserve the security buffer region for secure content data; a memory controller configured to: searching for a first metapage of a first size in a first window region, assigning the first metapage to a security buffer region, and searching for a second metapage of a second size in a second window region, the second size being smaller than the first size, and assigning the second metapage to the security buffer region; a memory protector configured to: the method further includes providing information about the first window region and the second window region to a memory and preventing the first and second meta-pages from being accessed if the request from the processor is not at least one of a secure read and a secure write.
A memory protector according to an example embodiment is configured to: information about a first window region and a second window region is provided to a memory controller based on a first page table, wherein the first page table includes memory address information corresponding to at least one of the first window region and the second window region. The first page table further includes security attribute information regarding the memory address information and window identification flag information corresponding to the memory address information.
According to another example embodiment of the inventive concepts, there is provided a semiconductor apparatus including: a first processor; a second processor, the first processor and the second processor configured to perform operations based on data stored in the memory; a content firewall controller configured to determine whether a first physical address received from a memory management controller of a first processor is a secure address or a non-secure address; a memory protector configured to receive a second physical address from at least one of the content firewall controller and a memory management controller of the second processor, divide the memory into a first window area and a second window area, wherein the first window area includes a first metapage of a first size, the second window area includes a second metapage of a second size, the second size is smaller than the first size, and prevent the first metapage and the second metapage from being accessed by the first processor and the second processor if a request for access from the first processor and the second processor is not at least one of a secure read and a secure write.
According to an example embodiment, the semiconductor further comprises a third processor, wherein the memory protector is configured to receive a second physical address from an external memory management controller connected to the third processor to access the memory. The memory protector is configured to: the memory is divided into a third window area, the third window area including a third metapage of a third size, and the third metapage is prevented from being accessed by the first processor and the second processor if the request for access is not at least one of a secure read and a secure write.
According to one exemplary embodiment, a memory controller of a semiconductor device includes a memory protector and a memory controller. The memory protector is configured to divide the memory into window regions and generate information associated with the window regions. The memory controller is configured to: the generated information associated with the window region is received and the secure buffer region is allocated to the memory based on the information about the window region received from the memory protector. The memory controller is further configured to: receiving an instruction from a processor to access a memory; searching a first metapage, wherein the first metapage is in a first window area; allocating a first metapage to a secure buffer area; searching a second metapage, the second metapage being in a second window region, the second size being smaller than the first size; and a second fragment page is allocated to the secure buffer area.
Drawings
The above and other aspects and features of the inventive concept will become more apparent by describing in detail non-limiting exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals refer to like parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the inventive concepts. In the drawings:
fig. 1 is a schematic view illustrating a semiconductor apparatus according to an example embodiment of the inventive concepts;
fig. 2 is a schematic view illustrating an operation of a semiconductor apparatus according to an example embodiment of the inventive concepts;
fig. 3 is a schematic view illustrating another operation of a semiconductor apparatus according to an example embodiment of the inventive concepts;
fig. 4 is a schematic view illustrating another operation of a semiconductor apparatus according to an example embodiment of the inventive concepts;
fig. 5 is a schematic view illustrating a memory structure of a semiconductor apparatus according to an example embodiment of the inventive concepts;
fig. 6 and 7 are schematic views each showing a memory allocation process of a semiconductor apparatus according to an example embodiment of the inventive concepts;
FIGS. 8 and 9A are schematic diagrams illustrating a page table used by a memory protector according to example embodiments of the inventive concepts;
FIG. 9B is a schematic diagram illustrating another example embodiment of the page table shown in FIG. 9A;
fig. 9C is a schematic view illustrating another operation of a semiconductor apparatus according to an example embodiment of the inventive concepts;
FIG. 9D is a schematic diagram showing a page table used in the operation shown in FIG. 9C;
fig. 10 is a schematic view illustrating a memory allocation process of a semiconductor apparatus according to another example embodiment of the inventive concepts;
FIG. 11 is a schematic diagram illustrating a page table used by a memory protector according to another example embodiment of the present inventive concept;
fig. 12 is a schematic diagram illustrating a page table used by a content firewall controller and a memory management controller according to an example embodiment of the inventive concepts;
fig. 13 to 15 illustrate non-limiting example embodiments of semiconductor systems to which semiconductor devices may be applied, according to some example embodiments of the inventive concepts.
Detailed Description
Hereinafter, example embodiments will be described in detail with reference to the accompanying drawings. The inventive concept may, however, be embodied in many different forms and should not be construed as being limited to the example embodiments set forth herein. Rather, these exemplary embodiments are provided as examples so that this disclosure will be thorough and complete, and will fully convey the concept of the inventive concept to those skilled in the art. Accordingly, well-known processes, elements and techniques have not been described in detail with respect to some example embodiments of the inventive concepts. Unless otherwise indicated, like reference numerals refer to like elements throughout the drawings and written description, and thus the description will not be repeated. In the drawings, the size and relative sizes of layers and regions may be exaggerated for clarity.
While the inventive concept is susceptible to various modifications and alternative forms, specific non-limiting exemplary embodiments thereof have been shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that there is no intention to limit the inventive concepts to the specific forms disclosed, but on the contrary, the inventive concepts are to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the inventive concepts.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various elements, components, regions, layers and/or sections, these elements, components, regions, layers and/or sections should not be limited by these terms. These terms are only used to distinguish one element, component, region, layer or section from another element, component, region, layer or section. Thus, a first element, component, region, layer or section discussed below could be termed a second element, component, region, layer or section without departing from the teachings of the present inventive concept.
Spatially relative terms (such as "under …," "under …," "under …," "over …," "over," etc.) may be used herein to describe one element or feature's relationship to another element or feature (or other multiple elements or features) as illustrated in the figures for ease of description. It will be understood that the spatially relative terms are intended to encompass the orientations described in the figures and the various orientations of the device in use or operation. For example, if the device in the figures is turned over, elements described as "below" or "beneath" other elements or features would then be oriented "above" the other elements or features. Thus, example terms "below …" and "below …" may include both orientations of "above … …" and "below … …". The device may be otherwise oriented (rotated 90 degrees or at other orientations) and the spatially relative descriptors used herein interpreted accordingly. In addition, it will also be understood that when a layer is referred to as being "between" two layers, it can be the only layer between the two layers, or one or more intervening layers may also be present.
The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting of the inventive concept. As used herein, the singular forms also are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items. Additionally, the term "exemplary" is intended to mean exemplary or illustrative.
It will be understood that when an element or layer is referred to as being "on," "connected to," "coupled to," or "adjacent to" another element or layer, it can be directly on, connected to, coupled to, or adjacent to the other element or layer, or intervening elements or layers may be present. In contrast, when an element is referred to as being "directly on," "directly connected to," "directly coupled to" or "directly adjacent to" another element or layer, there are no intervening elements or layers present.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the inventive concept belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and/or the present specification and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Hereinafter, example embodiments of the inventive concept will be described with reference to the accompanying drawings.
Fig. 1 is a schematic view illustrating a semiconductor apparatus according to an example embodiment of the inventive concepts.
Referring to fig. 1, a semiconductor apparatus according to an example embodiment of the inventive concepts may include: a first processor 100, a second processor 102, a third processor 104, a Memory Management Controller (MMC)200, a Content Firewall Controller (CFC)300, a Memory Protector (MP)400, a Memory Controller (MC)410, and a memory 420. These components may receive and transmit data over connection 500 (e.g., a bus).
First processor 100, second processor 102, third processor 104, memory management controller 200, content firewall controller 300, memory protector 400, and memory controller 410 are implemented using hardware components, processors executing software components, or a combination thereof. The execution of one or more algorithms described in the exemplary embodiments of the inventive concept, the hardware components described above, or a processor executing software components results in a special purpose processor. The algorithm presented in the exemplary embodiments of the inventive concept constitutes a sufficient structure that may include: including, but not limited to, mathematical formulas, flow charts, computer code, and/or steps that when executed, produce a special purpose processor or computer.
One or more of the above processors are computer processing devices configured to execute program code by performing arithmetic operations, logical operations, and input/output operations. Once the program code is loaded into one or more processors, the one or more processors may be programmed to execute the program code, thereby transforming the one or more processors into a special-purpose processor or computer. Alternatively, or in addition to the processors discussed above, the hardware devices may include one or more Central Processing Units (CPUs), Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), system-on-chips (socs), Field Programmable Gate Arrays (FPGAs), and the like. In at least some instances, one or more CPUs, socs, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), and Field Programmable Gate Arrays (FPGAs) may be generally referred to as processing circuits and/or microprocessors.
The first processor 100, the second processor 102, and the third processor 104 may perform operations using data stored in the memory 420. The first processor 100, the second processor 102, and the third processor 104 may provide instructions to the memory controller 410 for writing data into the memory 420 and instructions for reading data stored in the memory 420. Here, the data may be content data including multimedia data, but the scope of the inventive concept is not limited thereto. The data may be system data including operating system code.
In some example embodiments of the inventive concept, the first processor 100, the second processor 102, and the third processor 104 may include a Central Processing Unit (CPU), a Graphic Processing Unit (GPU), a Multimedia Intellectual Property (MIP), and the like, but the scope of the inventive concept is not limited thereto.
Meanwhile, the memory management controller 200 and the content firewall controller 300 will be described later with reference to fig. 2 and 3.
The memory protector 400 prevents external unsecure access of a portion of memory by the first processor 100, the second processor 102 and the third processor 104. Specifically, the memory protector 400 divides an area of the memory 420 into a plurality of window areas and prevents the plurality of window areas from being insecure accessed by the first processor 100, the second processor 102, and the third processor 104.
It should be noted that one window region may include both a secure storage region storing secure data and a non-secure storage region storing non-secure data. Here, the secure memory area may be accessed by a secure address, and the non-secure memory area may be accessed by a non-secure address. Information regarding whether an address is a secure address or a non-secure address may be managed by the memory protector 400 as a specific data structure (e.g., a page table). The non-secure storage area included in one window area may be a candidate area to be allocated to a secure buffer to be described later.
The memory protector 400 provides information regarding the plurality of window regions to the memory controller 410.
The memory controller 410 may process requests by the first processor 100, the second processor 102, and the third processor 104 to access the memory 420, and may also allocate a secure buffer area to the memory 420 based on information about a plurality of window areas, which has been provided from the memory protector 400.
The secure buffer area denotes a secure storage area for storing secure data, for example, secure content data such as Digital Rights Management (DRM) data. In other words, the security data protected by DRM must be stored in a storage area that is protected from insecure access by the first processor 100, the second processor 102, and the third processor 104.
For example, when the memory controller 410 receives a write request of 1024MB of secure data from the first processor 100, the second processor 102, and the third processor 104, the memory controller 410 must ensure enough memory to successfully write the 1024MB of secure data. For convenience of explanation, it is assumed that the security data requested by the first processor 100, the second processor 102, and the third processor 104 is DRM video data. In this case, when the secure storage area of 1024MB is reserved in the memory 420 in advance in anticipation of not determining whether the first processor 100, the second processor 102, and the third processor 104 request secure data, the secure storage area cannot be used for any other purpose, thus wasting memory resources.
Meanwhile, the capacity of the memory that should be reserved for the DRM video data requested by the first processor 100, the second processor 102, and the third processor 104 may be important. However, even when the available memory in the memory 420 has a sufficient size to store the DRM video data, particularly if the available memory is divided into a large number of small fragments (e.g., less than 64KB) and distributed in the mobile application execution environment, the collection of a sufficient amount of memory for the DRM video data may be difficult.
The memory controller 410 overcomes such a problem by allocating a security buffer area to the memory 420 based on information about a plurality of window areas, which has been provided from the memory protector 400, the details of which will be described later.
The memory 420 may include the plurality of window regions mentioned above, and may include a secure buffer region reserved for writing secure content data. In some exemplary embodiments of the inventive concept, the memory 420 may include a Dynamic Random Access Memory (DRAM), but the type of the memory is not limited thereto.
Fig. 2 is a schematic view illustrating an operation of a semiconductor apparatus according to an example embodiment of the inventive concepts.
Referring to fig. 2, the first processor 100 may be a multimedia IP. Examples of multimedia IP may include, but are not limited to, at least a Memory Flow Controller (MFC), scaler, and DeCON. The memory access request created from the first processor 100 is transmitted to the memory management controller 200.
The memory access request created from the first processor 100 uses a virtual address. Memory management controller 200 translates the virtual address included in the request to a physical address and transmits the request including the physical address to memory protector 400.
Meanwhile, the memory management controller 200 checks whether the memory access request created from the first processor 100 is a request for a secure address, and transmits the request to the memory protector 400 only when the request corresponds to one of a secure read and a secure write.
For example, when the request of the first processor 100 is a request for writing secure content data in the non-secure storage area or for reading system data (e.g., operating system code) stored in the non-secure storage area, the memory management controller 200 may transmit an error message to the first processor 100 without processing such a request. In this way, requests from the first processor 100 that are not security-aware may be processed by the security-aware memory management controller 200.
For this operation, memory management controller 200 may manage and maintain a data structure (e.g., a page table) including address information and security attribute information about the address of memory 420. In some exemplary embodiments of the inventive concept, the security attribute information may include a security read flag, a security write flag, a non-security read flag, and a non-security write flag.
Hereinafter, the memory controller 410 may process the request of the first processor 100, and may also allocate a secure buffer area to the memory 420 based on information on a plurality of window areas provided from the memory protector 400, as described later.
Fig. 3 is a schematic view illustrating another operation of a semiconductor apparatus according to an example embodiment of the inventive concepts.
Referring to fig. 3, the second processor 102 may be a Graphics Processor (GPU). In this case, the second processor 102, i.e., the GPU, may include a GPU core 102a and a memory management controller 102b, and here, it is assumed that the memory management controller 102b included in the second processor 102 does not have security awareness.
The memory access request created from the GPU core 102a is transmitted to the memory management controller 102b, and the virtual address included in the request is converted into a physical address by the memory management controller 102 b. Memory management controller 102b may transmit a request including the physical address to content firewall controller 300.
Content firewall controller 300 checks whether the memory access request created from second processor 102 is a request for a secure address and transmits the request to memory protector 400 only if the request corresponds to one of a secure read and a secure write.
For example, when the request of the second processor 102 is a request for writing secure content data in an unsecure storage area or for reading system data (e.g., operating system code) stored in an unsecure storage area, the content firewall controller 300 may transmit an error message to the second processor 102 without processing such a request. In this manner, requests from the second processor 102 that are not security aware may be processed through the security aware content firewall controller 300.
For this operation, content firewall controller 300 may manage and maintain a data structure, e.g., a page table, including address information of memory 420 and security attribute information on the address. In some example embodiments of the inventive concepts, the security attribute information may include at least a security read flag, a security write flag, a non-security read flag, and a non-security write flag.
Thereafter, the memory controller 410 may process the request of the second processor 102, and may also allocate a secure buffer area to the memory 420 based on information about a plurality of window areas provided from the memory protector 400, as described later.
Fig. 4 is a schematic view illustrating another operation of a semiconductor apparatus according to an example embodiment of the inventive concepts.
Referring to fig. 4, the third processor 104 may be a CPU. In this case, the third processor 104, i.e., the CPU, may include a CPU core 104a and a memory management controller 104b, and here, it is assumed that the memory management controller 104b included in the third processor 104 has security awareness.
A memory access request created from the CPU core 104a is transmitted to the memory management controller 104b, and a virtual address included in the request is converted into a physical address by the memory management controller 104 b. The memory management controller 104b may transmit a request including the physical address to the memory protector 400.
In an example embodiment, since the memory management controller 104b included in the third processor 104 checks whether the memory access request created in advance from the CPU core 104a is a request for a secure address, no additional component is required.
Thereafter, the memory controller 410 may process the request of the third processor 104, and may also allocate a secure buffer area to the memory 420 based on information about the plurality of window areas provided from the memory protector 400, as described later.
Fig. 5 is a schematic view illustrating a memory structure of a semiconductor apparatus according to an example embodiment of the inventive concepts.
Referring to fig. 5, the memory 420 may include a plurality of window regions 600, 610 and 620.
As described above, each of window region 600, window region 610, and window region 620 may include both secure and non-secure memory regions accessed by secure and non-secure addresses, respectively. Further, each of window region 600, window region 610, and window region 620 may include: an unavailable memory region that is allocated to a particular processor and is already in use, and an available memory region that can be used as needed. In particular, in some example embodiments of the inventive concepts, the available storage areas may include a metapage reserved between unavailable storage areas.
For example, each of window regions 600 and 620 may include a memory region where memory allocation and deallocation for relatively small data frequently occurs. When memory allocation and deallocation for relatively small data frequently occurs in a memory region, the fragment rate of the corresponding memory region may be increased. Thus, the available storage area present in each of window region 600 and window region 620 may exist as a large number of small tile pages. For example, the available storage area present in each of window region 600 and window region 620 may include a large number of metapages having a size of less than 64 KB.
On the other hand, window region 610 may include a memory region where memory allocation and deallocation for relatively large data (e.g., multimedia data) does not occur frequently. When memory allocation and deallocation for relatively large data does not frequently occur in a memory region, the fragment rate of the corresponding memory region may be reduced. Thus, the available storage area present in window region 610 may exist as a small number of large fragment pages. For example, the available storage area present in window region 610 may include a small number of metapages having a size greater than 64 KB.
Fig. 6 and 7 are schematic views each showing a memory allocation process of a semiconductor apparatus according to an example embodiment of the inventive concepts.
Referring to fig. 6, an available memory region having a size greater than 64KB mainly exists in the window region 610 described above with reference to fig. 5. In this case, the memory protector 400 may prevent the tile page 612, the tile page 614, and the tile page 618 having a size of 64KB from being insecure accessed by the first processor 100, the second processor 102, and the third processor 104.
For example, the memory protector 400 may allocate a tile page 612, a tile page 614, and a tile page 618 having a size of 64KB as a secure buffer 700 for storing secure content data. In this case, a relatively large available memory area is allocated to the secure buffer 700, thereby obtaining the capacity required for the secure buffer 700 with a relatively small operation overhead.
However, since memory protector 400 searches for only 64KB sized tile pages of available storage area in window region 610, even when window region 610 includes a large number of 4KB sized tile pages 616, only 64KB sized tile pages 612, 614, and 618 are allocated to security buffer 700. If a tile metapage having a size of 64KB is insufficient, a delay or failure may occur in order to obtain the secure buffer 700.
Referring to fig. 7, an available memory region having a size of less than 4KB mainly exists in the window region 600 described above with reference to fig. 5. In this case, the memory protector 400 may prevent the tile page 602, the tile page 604, the tile page 606, and the tile page 608 having a size of 4KB from being insecure accessed by the first processor 100, the second processor 102, and the third processor 104.
For example, the memory protector 400 may allocate a slice page 602, a slice page 604, a slice page 606, and a slice page 608 having a size of 4KB as the secure buffer 700 for storing secure content data. Therefore, the capacity required for the security buffer 700 can be obtained even from a storage area having a high fragment rate.
As shown in fig. 6 and 7, the collection of relatively small patch pages and the collection of relatively large patch pages each have advantages and disadvantages. In other words, the collection of the relatively large-sized leaf cells has an advantage in that a high capacity can be quickly obtained with a relatively small overhead, and has a disadvantage in that the relatively small-sized leaf cells cannot be utilized. Meanwhile, the collection of relatively small-sized metapages has an advantage in that memory resources can be sufficiently utilized, and has a disadvantage in that overhead is frequently generated.
Accordingly, in various exemplary embodiments of the inventive concept, memory 420 includes a plurality of window regions 600, 610, and 620. The storage area corresponding to window area 600 and window area 620 among the plurality of window areas 600, 610 and 620 provides a relatively small-sized metapage, and the storage area corresponding to window area 610 among the plurality of window areas 600, 610 and 620 provides a relatively large-sized metapage, thereby effectively obtaining the security buffer 700 for the secure content data.
Fig. 8 and 9A are schematic diagrams illustrating a page table used by the memory protector 400 according to an example embodiment of the inventive concepts.
Referring to fig. 8, memory protector 400 may use page table 800 including memory address information corresponding to a plurality of window regions 600, 610, and 620.
The page table 800 may include a memory address 810 of the memory 420, security attribute information 820, 830, 840, and 850 regarding the address, and window identification flag information 860 corresponding to the address.
In some example embodiments of the inventive concepts, the security attribute information 820, the security attribute information 830, the security attribute information 840, and the security attribute information 850 may include a non-secure read (NSR) flag 820, a non-secure write (NSW) flag 830, a Secure Read (SR) flag 840, and a Secure Write (SW) flag 850, and the window identification flag information 860 may include a window identification flag (W) 860. For example, it indicates that in the memory addresses where the non-secure read flag 820 and the non-secure write flag 830 are set, non-secure access is possible, and that in the memory addresses where the secure read flag 840 and the secure write flag 850 are set, only secure access is possible.
Meanwhile, referring to fig. 9A, in the page table 870, the window region 600, the window region 610, and the window region 620 are divided using the window identification flag information 860.
For example, when the value of the window identification flag information 860 is '0', the memory region corresponding to the memory address 810 may be searched as a first-sized (e.g., 4KB) tile page. In contrast, when the value of the window identification flag information 860 is '1', the memory region corresponding to the memory address 810 may be searched as a second size (e.g., 64KB) of the tile page.
For example, since the value of the window identification flag information 860 corresponding to the memory address 810 of "0 x0100_ 0000" to "0 x07FF _ FFFF" in the storage area is '0', the storage area may represent the window area 600 that can provide the metapage of the first size (e.g., 4 KB). In addition, since the value of the window identification flag information 860 corresponding to the memory address 810 of "0 x3000_ 0000" to "0 x4FFF _ FFFF" in the storage area is '1', the storage area may represent the window area 610 that can provide the metapage of the second size (e.g., 64 KB). Further, since the value of the window identification flag information 860 corresponding to the memory address 810 of "0 x5100_ 0000" to "0 x57FF _ FFFF" in the storage area is '0', the storage area may represent the window area 620 in which the metapage of the first size (e.g., 4KB) may be provided.
As described above, memory 420 includes a plurality of window regions 600, 610, and 620. Among the plurality of window regions 600, 610, and 620, a storage region corresponding to window regions 600 and 620 provides a relatively small-sized metapage, and a storage region corresponding to window region 610 provides a relatively large-sized metapage, thereby effectively obtaining a secure buffer 700 for secure content data.
FIG. 9B is a schematic diagram illustrating another example embodiment of the page table shown in FIG. 9A.
Referring to fig. 9B, page table 872, which uses window identification flag information 860 to partition window region 600, window region 610, and window region 620, may be different from page table 870 described with reference to fig. 9A.
In the case of the page table 870 of FIG. 9A, a window identification flag 860 is stored for each memory address 810. For example, the memory addresses 810 of "0 x0100_ 0000" to "0 x07FF _ FFFF" have window identification flags 860 each having a value of '0', and the memory addresses 810 of "0 x3000_ 0000" to "0 x4FFF _ FFFF" have window identification flags 860 each having a value of '1'. When page table 870 is configured in this manner, the size of page table 870 becomes very large because each of n (here, n is an integer of 1 or more) memory addresses includes n window identification flags 860.
In contrast, in the page table 872 of the exemplary embodiment, the window identification 860 is not stored for each memory address 810, but only one window identification 860 is assigned to each window region. Specifically, page table 872 may include starting address (S _ ADDR), ending address (E _ ADDR), and window identification flag (W) columns.
For example, the window area 600 having a start address of "0 x0100_ 0000" and an end address of "0 x07FF _ FFFF" stores a window identification flag having a value of '0' to allow a window corresponding to an address range to provide a tile metapage of a first size (e.g., 4 KB). Further, the window area 610 whose start address is "0 x3000_ 0000" and end address is "0 x4FFF _ FFFF" stores a window identification flag having a value of '1' to allow a window corresponding to an address range to provide a second size (e.g., 64KB) of a tile page.
Since the page table 872 configured in this manner includes only a single window identifying flag 860 for each of the regions indicated by the window region 600, the window region 610, and the window region 620, the size of the page table 872 can be made very small.
Fig. 9C is a schematic diagram illustrating another operation of the semiconductor apparatus according to an example embodiment of the inventive concept, and fig. 9D is a schematic diagram illustrating a page table used in the operation illustrated in fig. 9C.
Referring to fig. 9C, the memory 420 may include a plurality of window regions 660, 662, 664, 666, and 668.
For example, each of window regions 660 and 662 may include a storage area where memory allocation and deallocation for relatively small data frequently occurs. When memory allocation and deallocation for relatively small data frequently occurs in a memory region, the chip rate of the corresponding memory region may be increased. Thus, the available storage area present in each of window region 660 and window region 662 may exist as a large number of small sheets of debris. For example, the available storage area present in each of window region 660 and window region 662 may include a large number of metapages having a size of less than 64 KB.
On the other hand, each of the window region 664, 666, and 668 may include a storage region in which memory allocation and deallocation for relatively large data (e.g., multimedia data) does not frequently occur. When memory allocation and deallocation for relatively large data does not frequently occur in a memory region, the fragment rate of the corresponding memory region may be reduced. Thus, the available storage area present in each of window region 664, window region 666, and window region 668 may exist as a small number of large fragment pages. For example, the available storage area present in each of window region 664, window region 666, and window region 668 may include a small number of metapages having a size greater than 64 KB.
In view of such characteristics of the memory 420, a storage region corresponding to the window region 660 may be searched in a slice page unit of a first size (e.g., 4KB), a storage region corresponding to the window region 662 may be searched in a slice page unit of a second size (e.g., 64KB), a storage region corresponding to the window region 664 may be searched in a slice page unit of a third size (e.g., 256KB), a storage region corresponding to the window region 666 may be searched in a slice page unit of a fourth size (e.g., 1MB), and a storage region corresponding to the window region 668 may be searched in a slice page unit of a fifth size (e.g., 2 MB).
Meanwhile, in order to divide a plurality of window regions providing several sizes of tile pages, the window identification flag 860 may be represented by a plurality of bits. For example, in one example embodiment, since a total of five window regions must be divided, the window identification flag 860 may be represented by three bits such that at least six values may be divided. For example, the window identification 860 corresponding to the window regions 660, 662, 664, 666, and 668 may be indicated by "001", "010", "011", "100", "101", respectively.
Referring to fig. 9D, the page table 874, which divides the window region 660, the window region 662, the window region 664, the window region 666, and the window region 668 using the window identification flag information based on the above, may include start address (S _ ADDR), end address (E _ ADDR), and window identification flag (W) columns.
For example, a window region 662 having a starting address of "$ C" and an ending address of "$ D" stores a window identification flag having a value of '010' to allow a window corresponding to the address range to provide a second size (e.g., 64KB) of tile pages. Further, a window region 668 whose start address is "$ I" and end address is "$ J" stores a window identification flag having a value of '101' to allow a window corresponding to the address range to provide a metapage of a fifth size (e.g., 2 MB).
Since the page table 874 configured in this way includes only a single window identification flag 860 for each of the regions indicated by the window region 660, the window region 662, the window region 664, the window region 666, and the window region 668, the size of the page table 874 can be made very small.
Fig. 10 is a schematic view illustrating a memory allocation process of a semiconductor apparatus according to another example embodiment of the inventive concepts.
Referring to fig. 10, memory 420 may include a window region 630, a window region 640, and a window region 650.
This exemplary embodiment is different from the above-described exemplary embodiments in that fragment pages can be dynamically allocated to the secure buffer 700. As described above, when the secure storage area is reserved in the memory 420 in advance in anticipation of not determining whether the secure data requested by the first processor 100, the second processor 102, and the third processor 104 is secure, the secure storage area cannot be used for any other purpose until the requests of the first processor 100, the second processor 102, and the third processor 104 do exist, thus wasting memory resources.
Thus, in one exemplary embodiment, memory protector 400 may partition window region 630, window region 640, and window region 650 in memory 420, but may dynamically allocate a metapage taking into account the memory capacity required by security buffer 700.
For example, when 1024KB of memory capacity is needed for the first time to obtain secure buffer 700, memory protector 400 may collect available memory from only window region 630 in memory 420 and allocate the collected available memory to secure buffer 700. Thereafter, when an additional 128KB of memory capacity is needed a second time, memory protector 400 may collect available memory from window region 640 and window region 650 in memory 420 and additionally allocate the collected available memory to security buffer 700.
Of course, even in one exemplary embodiment, as in the above-described exemplary embodiments, the window region 630, the window region 640, and the window region 650 may be set such that metapages having sizes different from each other may be provided. For example, window region 630 may be searched in a unit of a second size (e.g., 64KB) of a chip page, and each of window region 640 and window region 650 may be searched in a unit of a first size (e.g., 4KB) of a chip page.
As described above, memory 420 includes a plurality of window regions 630, 640, and 640. The memory area corresponding to window region 640 and window region 650 among the plurality of window regions 630, 640 and 650 provides a relatively small-sized metapage, the memory area corresponding to window region 630 among the plurality of window regions 630, 640 and 650 provides a relatively large-sized metapage, and, if necessary, dynamically provides available memory to security buffer 700, thereby effectively obtaining security buffer 700 for secure content data.
Fig. 11 is a schematic diagram illustrating a page table used by a memory protector according to another example embodiment of the inventive concepts.
Referring to fig. 11, unlike the example embodiment of fig. 8, a page table 900 of a memory protector 400 according to another example embodiment of the inventive concept may include address information 910 of a memory 420, security attribute information 920 on an address, and window identification flag information 930 corresponding to the address.
The page table 900 includes only a non-secure access (NSA) flag as the security attribute information 920 instead of a non-secure read (NSR) flag, a non-secure write (NSW) flag, a Secure Read (SR) flag, and a Secure Write (SW) flag, thereby reducing the size of the page table 900 while allowing access between a non-secure storage region and a secure storage region.
Fig. 12 is a schematic diagram illustrating a page table used by a content firewall controller and a memory management controller according to an example embodiment of the inventive concepts.
Referring to fig. 12, unlike the example embodiments of fig. 2 and 3, security attribute information included in the page table 1000 of the content firewall controller 300 and the memory management controller 200 according to another example embodiment of the inventive concept includes only a secure read flag and a secure write flag.
The page table 1000 includes only a secure read flag and a secure write flag as the secure attribute information 920 instead of a non-secure read (NSR) flag, a non-secure write (NSW) flag, a Secure Read (SR) flag, and a Secure Write (SW) flag. In this case, even if requests from the first processor 100 that are not security-conscious can be managed only by the secure read flag and the secure write flag, the requests are made to be security-conscious. As such, only secure read flags and secure write operations are maintained in page table 1000, thereby reducing the size of page table 1000.
Fig. 13 to 15 illustrate non-limiting example embodiments of semiconductor systems to which semiconductor devices may be applied, according to some example embodiments of the inventive concepts.
Fig. 13 shows a tablet PC 1200, fig. 14 shows a notebook computer 1300, and fig. 15 shows a smartphone 1400. As discussed above, the semiconductor device according to some exemplary embodiments of the inventive concept may be used for (including but not limited to) the tablet PC 1200, the notebook computer 1300, and/or the smart phone 1400. Furthermore, it is apparent to those skilled in the art that the semiconductor devices according to some example embodiments of the inventive concept may also be applied to other integrated circuit devices not shown herein, as discussed above. In other words, it has been described so far that examples of the semiconductor system according to the present non-limiting example embodiment include the tablet PC 1200, the notebook computer 1300, and the smartphone 1400. However, examples thereof are not limited thereto. In some example embodiments of the inventive concepts, the semiconductor system may be implemented as, but is not limited to, a computer, an ultra-mobile PC, a workstation, a netbook, a Personal Digital Assistant (PDA), a portable computer, a wireless phone, a mobile phone, an electronic book, a Portable Multimedia Player (PMP), a portable game machine, a navigation device, a black box, a digital camera, a three-dimensional television, a digital audio recorder, a digital image recorder, a digital picture player, a digital video recorder, or a digital video player.
It will be understood that, although example embodiments of the inventive concept have been disclosed for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the inventive concept as disclosed in the accompanying claims.

Claims (33)

1. A semiconductor device, comprising:
a processor configured to perform operations based on data stored in the memory;
a memory protector configured to:
dividing the memory into a first window region and a second window region, the first window region comprising a first memory region for memory allocation and de-allocation of first data, the first memory region being divided into first metapages of a first size, the second window region comprising a second memory region for memory allocation and de-allocation of second data, the second memory region being divided into second metapages of a second size, the second size being smaller than the first size,
if the request from the processor is not at least one of a secure read and a secure write, the first and second metapages are prevented from being accessed by the processor,
wherein the size of the second data is smaller than the size of the first data.
2. The semiconductor device of claim 1, wherein the memory protector is configured to: preventing the first metapage and the second metapage from being accessed by the processor based on a first page table, the first page table including memory address information corresponding to at least one of the first window region and the second window region.
3. The semiconductor device of claim 2, wherein the first page table further comprises:
security attribute information regarding the memory address information,
window identification flag information corresponding to the memory address information.
4. The semiconductor device according to claim 3, wherein the security attribute information includes a security read flag, a security write flag, a non-security read flag, and a non-security write flag.
5. The semiconductor device according to claim 3, wherein the security attribute information includes only a non-secure access flag.
6. The semiconductor device of claim 1, wherein the memory protector is further configured to: the first and second fragment pages are allocated to a secure buffer.
7. The semiconductor device of claim 6, wherein the memory protector is further configured to:
partitioning a third window region from the memory, wherein the third window region comprises a third metapage of a third size;
the third metapage is prevented from being accessed by the processor if the request for access is not at least one of a secure read and a secure write.
8. The semiconductor device of claim 7, wherein the memory protector is further configured to: the third fragment page is allocated to the secure buffer.
9. The semiconductor device according to claim 1, wherein the first size is 64KB and the second size is 4 KB.
10. The semiconductor device according to claim 1, wherein the memory comprises a dynamic random access memory.
11. The semiconductor device according to claim 1,
the memory includes a secure area and a non-secure area,
the processor is configured to:
the secure area is accessed by a secure address,
the insecure area is accessed by an insecure address,
the semiconductor device further includes:
a content firewall controller configured to: the processor is prevented from (i) writing secure content data in the non-secure area or (ii) reading system data stored in the non-secure area.
12. The semiconductor device of claim 11, wherein the content firewall controller is configured to: using a second page table, the second page table including memory address information and security attribute information about the memory address information.
13. The semiconductor device according to claim 12, wherein the security attribute information includes a security read flag, a security write flag, a non-security read flag, and a non-security write flag.
14. The semiconductor device according to claim 12, wherein the security attribute information includes only a security read flag and a security write flag.
15. The semiconductor device of claim 11, wherein the content firewall controller is further configured to: physical addresses for accessing the memory are received from a memory management controller, which is coupled to the processor.
16. A semiconductor device, comprising:
a memory comprising a first window region, a second window region and a secure buffer region, the memory configured to reserve the secure buffer region for secure content data, wherein the first window region comprises a first memory region for memory allocation and de-allocation of first data, the first memory region being divided into first metapages of a first size, the second window region comprises a second memory region for memory allocation and de-allocation of second data, the second memory region being divided into second metapages of a second size, the second size being smaller than the first size;
a memory controller configured to:
searching for a first metapage of a first size in a first window area,
the first fragment page is assigned to the secure buffer area,
searching for a second metapage of a second size in a second window region,
allocating a second fragment page to a secure buffer area;
a memory protector configured to:
providing information about the first window region and the second window region to the memory controller,
if the request for access from the processor is not at least one of a secure read and a secure write, the first fragment page and the second fragment page are prevented from being accessed,
wherein the size of the second data is smaller than the size of the first data.
17. The semiconductor device of claim 16, wherein the memory controller is configured to: at least one of the first and second slice metapages is dynamically allocated to the secure buffer area.
18. The semiconductor device of claim 16, wherein each of the first and second window regions comprises a secure memory region and a non-secure memory region accessed by a secure address and a non-secure address, respectively.
19. The semiconductor device of claim 16, wherein the memory protector is configured to: information about the first window region and the second window region is provided to a memory controller based on a first page table including memory address information corresponding to at least one of the first window region and the second window region.
20. The semiconductor device of claim 19, wherein the first page table further comprises:
security attribute information regarding the memory address information,
window identification flag information corresponding to the memory address information.
21. The semiconductor device according to claim 20, wherein the security attribute information includes a security read flag, a security write flag, a non-security read flag, and a non-security write flag.
22. The semiconductor device according to claim 20, wherein the security attribute information includes only a non-security access flag.
23. The semiconductor device according to claim 16, further comprising:
a processor configured to perform operations based on data stored in the memory;
a content firewall controller configured to: the processor is prevented from (i) writing secure content data in the non-secure area or (ii) reading system data stored in the non-secure area.
24. The semiconductor device of claim 23, wherein the content firewall controller is configured to: physical addresses for accessing the memory are received from a memory management controller, which is coupled to the processor.
25. A semiconductor device, comprising:
a first processor;
a second processor, wherein the first processor and the second processor are configured to perform operations based on data stored in the memory;
a content firewall controller configured to determine whether a first physical address received from a memory management controller of a first processor is a secure address or a non-secure address;
a memory protector configured to:
receiving a second physical address from at least one of the content firewall controller and a memory management controller of the second processor to access the memory,
dividing the memory into a first window region and a second window region, wherein the first window region comprises a first memory region for memory allocation and de-allocation of first data, the first memory region is divided into first metapages of a first size, the second window region comprises a second memory region for memory allocation and de-allocation of second data, the second memory region is divided into second metapages of a second size, the second size is smaller than the first size,
preventing the first and second metapages from being accessed by the first and second processors if the request from at least one of the first and second processors is not at least one of a secure read and a secure write,
wherein the size of the second data is smaller than the size of the first data.
26. The semiconductor device according to claim 25, further comprising: a third processor for performing a third processing operation,
wherein the memory protector is configured to: the second physical address is received from an external memory management controller connected to the third processor to access the memory.
27. The semiconductor device of claim 25, wherein the memory protector is configured to: the first and second fragment pages are allocated to a secure buffer.
28. The semiconductor device of claim 27, wherein the memory protector is configured to:
partitioning a third window region from the memory, the third window region comprising a third metapage of a third size,
the third metapage is prevented from being accessed by the first processor and the second processor if the request from at least one of the first processor and the second processor is not at least one of a secure fetch and a secure write.
29. The semiconductor device of claim 28, wherein the memory protector is configured to: the third fragment page is allocated to the secure buffer.
30. The semiconductor device according to claim 25,
each of the first and second window regions includes a secure storage region and a non-secure storage region,
at least one of the first processor and the second processor is configured to:
the secure memory area is accessed by a secure address,
the non-secure storage area is accessed by a non-secure address.
31. A semiconductor device, comprising:
a memory protector configured to:
dividing the memory into window regions, wherein the window regions comprise a first window region section and a second window region section, the first window region section comprising a first memory region for memory allocation and de-allocation of first data, the first memory region being divided into first metapages of a first size, the second window region section comprising a second memory region for memory allocation and de-allocation of second data, the second memory region being divided into second metapages of a second size, the second size being smaller than the first size,
generating information associated with the window region;
a memory controller configured to:
receiving the generated information associated with the window region,
allocating a security buffer area to the memory based on the generated information associated with the window area,
wherein the size of the second data is smaller than the size of the first data.
32. The semiconductor device of claim 31, wherein the memory protector is further configured to: the first and second tile metapages are prevented from being accessed by the processor.
33. The semiconductor device according to claim 31,
the memory controller is configured to:
receive an instruction from the processor to access the memory,
a first metapage is searched for,
the first fragment page is assigned to the secure buffer area,
a second sheet of meta-pages is searched for,
the second fragment page is allocated to the secure buffer.
CN201610471517.8A 2015-06-29 2016-06-24 Semiconductor device with a plurality of semiconductor chips Active CN106295413B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR10-2015-0092246 2015-06-29
KR20150092246 2015-06-29
KR10-2015-0118708 2015-08-24
KR1020150118708A KR102432473B1 (en) 2015-06-29 2015-08-24 Semiconductor device

Publications (2)

Publication Number Publication Date
CN106295413A CN106295413A (en) 2017-01-04
CN106295413B true CN106295413B (en) 2021-07-20

Family

ID=57537295

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610471517.8A Active CN106295413B (en) 2015-06-29 2016-06-24 Semiconductor device with a plurality of semiconductor chips

Country Status (3)

Country Link
US (1) US10657274B2 (en)
CN (1) CN106295413B (en)
DE (1) DE102016111497A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6762924B2 (en) * 2017-12-01 2020-09-30 株式会社東芝 Information processing equipment, information processing methods, and programs
KR102147912B1 (en) 2019-08-13 2020-08-25 삼성전자주식회사 Processor chip and control methods thereof
US11481323B2 (en) * 2019-09-25 2022-10-25 Meta Platforms Technologies, Llc Systems and methods for efficient data buffering

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7334108B1 (en) * 2004-01-30 2008-02-19 Nvidia Corporation Multi-client virtual address translation system with translation units of variable-range size
US7412579B2 (en) * 2004-12-30 2008-08-12 O'connor Dennis M Secure memory controller
CN104838630A (en) * 2012-10-10 2015-08-12 思杰***有限公司 Policy-based application management

Family Cites Families (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3453757B2 (en) * 1989-05-29 2003-10-06 株式会社日立製作所 Buffer management method
JP2858795B2 (en) * 1989-07-14 1999-02-17 株式会社日立製作所 Real memory allocation method
US5802341A (en) * 1993-12-13 1998-09-01 Cray Research, Inc. Method for the dynamic allocation of page sizes in virtual memory
JP3604176B2 (en) * 1994-09-14 2004-12-22 株式会社東芝 Virtual space management method and distributed processing system
US6314501B1 (en) * 1998-07-23 2001-11-06 Unisys Corporation Computer system and method for operating multiple operating systems in different partitions of the computer system and for allowing the different partitions to communicate with one another through shared memory
US7620769B2 (en) * 2000-01-06 2009-11-17 Super Talent Electronics, Inc. Recycling partially-stale flash blocks using a sliding window for multi-level-cell (MLC) flash memory
US6647482B1 (en) * 2000-04-07 2003-11-11 Intel Corporation Method for optimized representation of page table entries
US7336283B2 (en) * 2002-10-24 2008-02-26 Hewlett-Packard Development Company, L.P. Efficient hardware A-buffer using three-dimensional allocation of fragment memory
US7398348B2 (en) * 2004-08-24 2008-07-08 Sandisk 3D Llc Method and apparatus for using a one-time or few-time programmable memory with a host device designed for erasable/rewritable memory
US7444523B2 (en) * 2004-08-27 2008-10-28 Microsoft Corporation System and method for using address bits to signal security attributes of data in the address space
US20070226795A1 (en) 2006-02-09 2007-09-27 Texas Instruments Incorporated Virtual cores and hardware-supported hypervisor integrated circuits, systems, methods and processes of manufacture
US8307416B2 (en) 2007-01-03 2012-11-06 Texas Instruments Incorporated Data structures for use in firewalls
US7747838B2 (en) * 2007-05-19 2010-06-29 International Business Machines Corporation Method and apparatus for dynamically adjusting page size in a virtual memory range
US7730248B2 (en) 2007-12-13 2010-06-01 Texas Instruments Incorporated Interrupt morphing and configuration, circuits, systems and processes
JP5381336B2 (en) * 2009-05-28 2014-01-08 富士通株式会社 Management program, management apparatus, and management method
US8209510B1 (en) * 2010-01-13 2012-06-26 Juniper Networks, Inc. Secure pool memory management
US8296538B2 (en) 2010-02-17 2012-10-23 Arm Limited Storing secure mode page table data in secure and non-secure regions of memory
US8682639B2 (en) * 2010-09-21 2014-03-25 Texas Instruments Incorporated Dedicated memory window for emulation address
US8904115B2 (en) * 2010-09-28 2014-12-02 Texas Instruments Incorporated Cache with multiple access pipelines
US8738860B1 (en) * 2010-10-25 2014-05-27 Tilera Corporation Computing in parallel processing environments
IL210169A0 (en) 2010-12-22 2011-03-31 Yehuda Binder System and method for routing-based internet security
US20130013889A1 (en) 2011-07-06 2013-01-10 Jaikumar Devaraj Memory management unit using stream identifiers
US8375221B1 (en) 2011-07-29 2013-02-12 Microsoft Corporation Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
US20130305388A1 (en) * 2012-05-10 2013-11-14 Qualcomm Incorporated Link status based content protection buffers
US8910307B2 (en) * 2012-05-10 2014-12-09 Qualcomm Incorporated Hardware enforced output security settings
KR101954733B1 (en) * 2012-10-26 2019-03-06 삼성전자주식회사 System-on-chip processing secured contents and mobile device comprising the same
US8930638B2 (en) * 2012-11-27 2015-01-06 Qualcomm Technologies, Inc. Method and apparatus for supporting target-side security in a cache coherent system
JP2015536736A (en) 2012-12-05 2015-12-24 スミス アンド ネフュー インコーポレーテッド Surgical instruments
KR101657561B1 (en) * 2012-12-12 2016-09-19 후아웨이 테크놀러지 컴퍼니 리미티드 Data processing method and apparatus in cluster system
US9672162B2 (en) 2013-08-16 2017-06-06 Arm Limited Data processing systems
KR101615809B1 (en) 2014-04-15 2016-04-27 송경식 Improved chain cover

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7334108B1 (en) * 2004-01-30 2008-02-19 Nvidia Corporation Multi-client virtual address translation system with translation units of variable-range size
US7412579B2 (en) * 2004-12-30 2008-08-12 O'connor Dennis M Secure memory controller
CN104838630A (en) * 2012-10-10 2015-08-12 思杰***有限公司 Policy-based application management

Also Published As

Publication number Publication date
CN106295413A (en) 2017-01-04
US20160379004A1 (en) 2016-12-29
US10657274B2 (en) 2020-05-19
DE102016111497A1 (en) 2016-12-29

Similar Documents

Publication Publication Date Title
JP4941148B2 (en) Dedicated mechanism for page mapping in GPU
US9547535B1 (en) Method and system for providing shared memory access to graphics processing unit processes
US9965392B2 (en) Managing coherent memory between an accelerated processing device and a central processing unit
US8850158B2 (en) Apparatus for processing remote page fault and method thereof
US8451281B2 (en) Shared virtual memory between a host and discrete graphics device in a computing system
US8395631B1 (en) Method and system for sharing memory between multiple graphics processing units in a computer system
US7290114B2 (en) Sharing data in a user virtual address range with a kernel virtual address range
US9697111B2 (en) Method of managing dynamic memory reallocation and device performing the method
US9146879B1 (en) Virtual memory management for real-time embedded devices
US10824555B2 (en) Method and system for flash-aware heap memory management wherein responsive to a page fault, mapping a physical page (of a logical segment) that was previously reserved in response to another page fault for another page in the first logical segment
US8892810B2 (en) Semiconductor device and memory protection method
US20140040577A1 (en) Automatic Use of Large Pages
US20160188251A1 (en) Techniques for Creating a Notion of Privileged Data Access in a Unified Virtual Memory System
CN106295413B (en) Semiconductor device with a plurality of semiconductor chips
KR20160064720A (en) Cache Memory Device and Electronic System including the Same
US8751724B2 (en) Dynamic memory reconfiguration to delay performance overhead
EP3188028B1 (en) Buffer management method and apparatus
CN110196819B (en) Memory access method and hardware
US8543770B2 (en) Assigning memory to on-chip coherence domains
US6525739B1 (en) Method and apparatus to reuse physical memory overlapping a graphics aperture range
US11960723B2 (en) Method and system for managing memory associated with a peripheral component interconnect express (PCIE) solid-state drive (SSD)
JP6676052B2 (en) System and method for enabling improved latency in a non-uniform memory architecture
CN116964564A (en) Increasing address space layout randomization entropy by page remapping and rotation
CN111026680A (en) Mapping a first identifier to a second identifier
TWI708147B (en) Semiconductor device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant